Spoofing Vulnerability in .NET and Visual Studio by Microsoft
CVE-2025-26646

8HIGH

What is CVE-2025-26646?

An external control of file name or path in the .NET Framework, Visual Studio, and Build Tools for Visual Studio enables an authorized attacker to manipulate file paths, leading to potential spoofing attacks over a network. This vulnerability can allow an attacker to execute unauthorized commands or access sensitive information, jeopardizing the integrity and security of applications developed using these platforms.

Affected Version(s)

.NET 8.0 Unknown 8.0.0 < 8.0.16

.NET 9.0 Unknown 9.0.0 < 9.0.5

Build Tools for Visual Studio 2022 Unknown 17.0

References

CVSS V3.1

Score:
8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-26646 : Spoofing Vulnerability in .NET and Visual Studio by Microsoft